Servers talking to servers need to authenticate themselves to each other. And in order to do that, they need a secret (password or certificate). That's a pretty normal IT problem not limited to game servers.
The usual solution is not to hardcode the credentials in the sourcecode, but to put them into a separate configuration fileput them into a separate configuration file read by the server at runtime.
If it is not too much work to implement on your technology stack, then I would recommend to use certificate-based authenticationcertificate-based authentication instead of password-authentication for server-server communication. It has the advantage that the database only needs the public key of the gameserver, while the private key remains on the gameserver. The less copies of the login credentials are around, the better.
Firewall rules which prevent any other IP address except the server IP from connecting to the write-enabled IP can be an additional measure as part of a defense-in-depth strategy, but I would not rely on that. The reason is that when the authentication system breaks, you will notice immediately. But when the firewall rules get deactivated for some reason, you might not notice anything until someone successfully connects to the database who shouldn't.